Building Blocks in Asset Rules

An asset (or content) rule has the following information:
Rule Name
A name for the policy rule.
A description that explains the purpose of the rule.
Specify a value to indicate the impact of the issue. The value can range from 1 to 5, with 5 representing the highest severity.
A rule can be in the enabled or disabled state. The predefined data patterns provided by Prisma SaaS are automatically enabled.
After you Configure Data Patterns, you must enable the pattern.
Match Criteria
Specifies what the rule scans for and the number of occurrences or frequency required to trigger an alert. See Match Criteria for Asset Rules for details about each rule type.
When you change the match criteria settings, you automatically trigger a rescan of all assets for the corresponding SaaS application. Prisma SaaS uses the updated settings in the policy rule configuration to rescan assets and identify incidents.
Allows you to specify whether Prisma SaaS should trigger one of the following actions to carry out Automatic Remediation or if it should simply log the event as a incident.
  • Quarantine
    —Automatically moves the compromised asset to a quarantine folder. For
    User Quarantine
    , you can send the asset to a quarantine folder in the owner’s root directory for the associated cloud app. For
    Admin Quarantine
    , you can send the asset to a special Admin quarantine folder which only an Admin can access. When the asset is quarantined, you can send the asset owner an email that describes the actions that were taken.
  • Change Sharing
    —Automatically removes links that allow the asset to be publicly-accessed. For
    Direct Links
    you can remove the direct link on the asset only. For
    Public Links on Parent Folders
    you can also remove links that expose the asset due to inheritance from the parent folders.
  • Notify File Owner
    —Sends an email digest to the asset owner that describes actions they can take to fix the issue.
  • Notify via Bot
    — Sends a message using the Cisco Webex bot that you configured in Begin Scanning a Cisco Webex Teams App.
  • Apply Classification
    —Automatically applies the classification and priority labels to the third party classification data pattern match criteria.
  • Create Incident
    —Automatically changes incident status to
    and the incident category to
    so the administrator can Assess Incidents.
  • Send Admin Alert
    —Select send admin alert for compliance issues that need immediate action, such as policy rules that are high risk or sensitive. Sends an email digest to the asset administrator that describes actions they can take to fix the issue.
View which autoremediate options are supported for each sanctioned SaaS application.

Recommended For You